A onetime employee of the Nuclear Regulatory Commission and Department of Energy on Monday received an 18-month prison sentence for an attempted 2015 “spear-phishing” strike against DOE email accounts located at several National Nuclear Security Administration (NNSA) sites, the Department of Justice said.
The sentence came just over two months after Charles Harvey Eccleston, 62, pleaded guilty in federal court in Washington, D.C., to attempted unauthorized access and intentional damage to a protected computer. As part of his plea, Eccleston acknowledged plotting to carry out a cyberattack in which DOE personnel would receive an email that appeared to be from a “trusted source,” but that would instead carry a computer virus intended either to provide a foreign country access to agency information or allow it to shut down agency servers, DOJ said.
“Charles Harvey Eccleston is a scientist and former government employee who was willing to betray his country and his former employer out of spite,” U.S. Attorney Channing Phillips said in the DOJ statement. “His attempts to sell access to sensitive computer networks demonstrate why the government must be so vigilant to prevent cyber-attacks.”
The DOJ press release said Eccleston was dismissed from the NRC in 2010 and had been living in the Philippines since 2011, where in 2013 he entered a foreign embassy and offered to sell for $18,800 a list he said contained more than 5,000 email accounts for engineers and other officials with a U.S. government energy agency. He indicated that he was willing to sell the data to China, Iran, or Venezuela if the first sale attempt failed.
According to an affidavit in support of a criminal complaint filed in 2013 in the U.S. District Court for D.C., Eccleston said he wanted to sell the information “because he was not considered worthy by his higher-ups at the ‘U.S. Energy Commission’ and was looking for income to stay in the Philippines.” He had worked as a facilities security specialist with a “secret” security clearance between 2008 and 2010, and as a principal scientist for the DOE with a “top secret” security clearance between 1988 and 2001, the document says. He was terminated from the NRC “due to performance and conduct issues,” the affidavit said. In a 2013 meeting with an undercover FBI agent, Eccleston said he is “one of the most noted scientists in the entire world in my particular area” and that his “boss who was thirty years old . . . was intimidated by how much I knew.”
During the FBI undercover investigation that followed, Eccleston showed one undercover operative posing as a foreign country representative a list of about 5,000 email addresses he claimed were for NRC employees, asking $23,000 for the list he said could be exploited to send a computer virus to NRC computers – the email addresses were later identified as publically-accessible. In a later meeting with an undercover agent, Eccleston claimed to have 30,000 DOE personnel email accounts for DOE workers that could be used for a computer strike. He subsequently “identified several dozen DOE employees whom he claimed had access to information related to nuclear weapons or nuclear materials as targets for the attack” and offered to send spear-phishing emails to selected targets, DOJ said.
Eccleston also suggested that the undercover agent could sell the email addresses to Hezbollah, the affidavit said. In a 2014 phone call with the agent, he proposed future cyberattack schemes and said he had obtained a database of almost 5,000 contacts for NNSA personnel, “something for your management to think about.”
Eccleston drafted emails advertising nuclear energy conferences that contained a link he believed would put a virus on recipients’ computers, the DOJ said. In January 2015 he sent the harmless FBI-supplied link to a list of targeted email accounts, intending to infect computers used by about 80 DOE workers at multiple facilities, including laboratories connected to nuclear materials, the release says. The affidavit said the email recipients have offices at the Oak Ridge, Los Alamos, Sandia, and Lawrence Livermore national laboratories.
Eccleston was later detained by Philippines police following a meeting with an undercover FBI employee, in which he believed he would receive about $80,000 for sending the fake phishing emails. Along with his prison sentence, Eccleston was ordered to forfeit $9,000, the amount he received from the FBI during the investigation for travel and other expenses.
“Eccleston’s sentence holds him accountable for his attempt to compromise, exploit and damage U.S. government computer systems that contained sensitive nuclear weapon-related information with the intent of allowing foreign nations to gain access to that information or to damage essential systems,” Assistant Attorney General for National Security John Carlin said in the press release. “One of our highest priorities in the National Security Division remains protecting our national assets from cyber intrusions. We must continue to evolve and remain vigilant in our efforts and capabilities to confront cyber-enabled threats and aggressively detect, disrupt and deter them.”
